Re: Am I understanding this right?

From: David Efflandt (efflandt_at_xnet.com)
Date: 09/13/03


Date: Sat, 13 Sep 2003 03:34:54 +0000 (UTC)

On Fri, 12 Sep 2003, Fao, Sean <enceladus311@yahoo.comI-WANT-NO-SPAM> wrote:
> I decided that I wanted to use a Linux server for a VPN. Now that the 2.6.x
> kernel is almost out with IPSec included, I thought I would put together a
> test system to route private traffic to my Windows server at work.
>
> What I would like to be able to do is this:
>
> Home PC -> Linux Server -> Internet -> Windows Server -> Work LAN
>
> What I had thought is that I would set up my router so that anything
> intended for the company's private IP address block would be routed over the
> VPN, while anything else would just go through normally. The one thing that
> I didn't want to have to do was connect with a Windows client; I can already
> do that and I don't like it because once I connect, everything goes through
> the VPN. Also, if I were to ever set this up at work, I wouldn't want the
> users to have to make another manual connection.

I do not know how ipsec in the new kernels will work, but judging from
freeswan, it would just be a matter of proper routing on your Linux server
(along with iptables rules to allow what you need to). You would just
need a -net route to your factory LAN or WAN using ipsec0 for interface
(which may be automatic when ipsec is connected), and default route to
internet.

Our company does that, but using SonicWall hardware devices. So traffic
for private IPs at our factory WAN goes through the VPN (1700 miles), and
internet traffic goes directly out our sdsl.

-- 
David Efflandt - All spam ignored  http://www.de-srv.com/
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/
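
The split-tunnel routing described in the reply above (a network route over ipsec0 plus a default route to the Internet) can be checked with a small script. This is an added example, not part of the original post; the routing table, the 10.20.0.0/16 company block, and the eth0/eth1 interface names are constructed placeholders.

```python
import ipaddress

# Constructed sample in `ip route show` style (not from the post).
# 10.20.0.0/16 stands in for the company's private block.
SAMPLE_ROUTES = """\
default via 203.0.113.1 dev eth0
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
10.20.0.0/16 dev ipsec0 scope link
"""

def parse_routes(text):
    """Return a list of (network, interface) from `ip route show`-style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest, strict=False), dev))
    return routes

def egress(routes, addr):
    """Longest-prefix match: interface chosen for addr, or None if no route."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches)[1] if matches else None

def audit(routes, vpn_net, vpn_dev="ipsec0"):
    """List split-tunnel problems: VPN-bound traffic leaking, or a full tunnel."""
    problems = []
    target = ipaddress.ip_network(vpn_net)
    # Probe both ends of the block in case a more specific route overrides part of it.
    for probe in (target[0], target[-1]):
        dev = egress(routes, str(probe))
        if dev != vpn_dev:
            problems.append(f"{probe} leaves via {dev}, not {vpn_dev}")
    if egress(routes, "198.51.100.7") == vpn_dev:  # arbitrary public test address
        problems.append("Internet traffic is also sent through the VPN")
    return problems

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for dst in ("10.20.5.9", "198.51.100.7", "192.168.1.50"):
        print(dst, "->", egress(table, dst))
    print(audit(table, "10.20.0.0/16") or "split tunnel OK")
```

The check only looks at the routing table, so it applies to interface-based setups like the ipsec0 device mentioned in the reply; it does not inspect IPsec policies or iptables rules.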

